QwikSec

Security Database

CVE

CWE

Training

CVE-2012-2275

Published: Sep 15, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink 1.9.3 and earlier allow remote attackers to hijack the authentication of users for requests that add, delete, or modify sensitive information, as demonstrated by changing the administrator's email via an editUser action to lib/usermanagement/userInfo.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

exploit

x_refsource_EXPLOIT-DB

http://packetstormsecurity.org/files/116275/TestLink-1.9.3-Cross-Site-Request-Forgery.html

x_refsource_MISC

testlink-userinfo-csrf(78306)

vdb-entry

x_refsource_XF

20120905 Cross-Site Request Forgery (CSRF) in TestLink

mailing-list

x_refsource_BUGTRAQ

http://gitorious.org/testlink-ga/testlink-code/commit/252788c2373e73173172ada9af661e0721599891

x_refsource_CONFIRM

http://gitorious.org/testlink-ga/testlink-code/commit/c8751a3c9ad8970b49d1bf882203efacd10af087

x_refsource_CONFIRM

http://gitorious.org/testlink-ga/testlink-code/commit/2d4ac941314f8bda80e265c9de8bacf17d1cd3e6

x_refsource_CONFIRM

https://www.htbridge.com/advisory/HTB23088

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.